Lucene search
+L

1001 matches found

Positive Technologies
Positive Technologies
added 2026/02/05 12:0 a.m.10 views

PT-2026-6595

Name of the Vulnerable Software and Affected Versions Monstra CMS version 3.0.4 Description Monstra CMS version 3.0.4’s Files Manager plugin has an issue where arbitrary files can be uploaded. The application uses a blacklist to validate file extensions and stores uploaded files in a directory...

8.8CVSS6AI score0.00681EPSS
Exploits2References6
EUVD
EUVD
added 2026/02/03 7:31 a.m.7 views

EUVD-2026-5276

The OS DataHub Maps plugin for WordPress is vulnerable to arbitrary file uploads due to incorrect file type validation in the 'OSDataHubMapsAdmin::addfileandext' function in all versions up to, and including, 1.8.3. This makes it possible for authenticated attackers, with Author-level access and...

8.8CVSS6.5AI score0.0052EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/02/03 7:31 a.m.3 views

CVE-2026-1730

The OS DataHub Maps plugin for WordPress is vulnerable to arbitrary file uploads due to incorrect file type validation in the 'OSDataHubMapsAdmin::addfileandext' function in all versions up to, and including, 1.8.3. This makes it possible for authenticated attackers, with Author-level access and...

8.8CVSS6.5AI score0.0052EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/02/03 12:0 a.m.10 views

podinfo 安全漏洞

Podinfo is a Kubernetes microservice template developed by Stefan Prodan. Versions of Podinfo 6.9.0 and earlier contain security vulnerabilities. These vulnerabilities stem from unvalidated attackers being able to upload arbitrary files through specially crafted POST requests. Additionally, the...

6.1CVSS5.8AI score0.00244EPSS
Exploits4References1
CVE
CVE
added 2026/01/30 10:7 p.m.13 views

CVE-2020-37054

Navigate CMS 2.8.7 is affected by a cross-site request forgery vulnerability that lets attackers upload malicious extensions via a crafted HTML page. By abusing the extension upload functionality without additional validation, an authenticated administrator can be tricked into performing arbitrar...

8.8CVSS5.9AI score0.00203EPSS
Exploits1References4Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/29 9:24 a.m.11 views

CVE-2026-1400

The AI Engine – The Chatbot and AI Framework for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the resthelpersupdatemediametadata function in all versions up to, and including, 3.3.2. This makes it possible for authenticated attacker...

7.2CVSS6.5AI score0.00667EPSS
Exploits0References1
NVD
NVD
added 2026/01/28 9:15 a.m.8 views

CVE-2026-1400

The AI Engine – The Chatbot and AI Framework for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the resthelpersupdatemediametadata function in all versions up to, and including, 3.3.2. This makes it possible for authenticated attacker...

7.2CVSS0.00667EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/01/28 12:0 a.m.23 views

WordPress Plugin AI Engine – The Chatbot and AI Framework for WordPress Code Issues and Vulnerabilities

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added to a...

7.2CVSS6AI score0.00667EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/01/26 12:0 a.m.8 views

Books_Manager code issue vulnerabilities

BooksManager is a book management system developed by iJason-Liu. There are code issues and vulnerabilities in BooksManager, which stem from incorrect handling of the parameter “bookcover” in the file controllers/bookscenter/uploadbookCover.php. This could lead to arbitrary file uploads...

5.8CVSS6AI score0.00223EPSS
Exploits0References4
NVD
NVD
added 2026/01/24 1:15 p.m.8 views

CVE-2026-0911

The Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to arbitrary file uploads due to incorrect file type validation in the actionimportmodule function in all versions up to, and including, 7.8.9.2. This makes it possible for authenticated attackers, wi...

7.5CVSS0.00542EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/01/24 7:26 a.m.8 views

CVE-2025-13374

The Kalrav AI Agent plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the kalravuploadfile AJAX action in all versions up to, and including, 2.3.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site...

9.8CVSS6.5AI score0.01056EPSS
Exploits1References6
CNNVD
CNNVD
added 2026/01/19 12:0 a.m.7 views

MPay code-related vulnerabilities

MPay is a convenient payment collection tool developed by Technic Laohu in China. Versions of MPay 1.2.4 and earlier have code vulnerabilities, which stem from incorrect handling of the parameter “codeimg”. This vulnerability may lead to arbitrary file uploads...

9.8CVSS6AI score0.00299EPSS
Exploits1References4
NVD
NVD
added 2026/01/16 8:15 p.m.7 views

CVE-2012-10064

Omni Secure Files plugin versions prior to 0.1.14 contain an arbitrary file upload vulnerability in the bundled plupload example endpoint. The /wp-content/plugins/omni-secure-files/plupload/examples/upload.php handler allows unauthenticated uploads without enforcing safe file type restrictions,...

9.3CVSS0.00677EPSS
Exploits0References9
CNNVD
CNNVD
added 2026/01/15 12:0 a.m.6 views

WordPress plugin Supreme Modules Lite 代码问题漏洞

WordPress Supreme Modules Lite plugin is a free extension plugin designed for Divi themes and DiviBuilder. WordPress Supreme Modules Lite plugin has a code issue vulnerability that stems from insufficient file type validation, which can be exploited by an attacker to cause arbitrary file uploads...

8.8CVSS6AI score0.00505EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/01/13 12:0 a.m.4 views

PHPGurukul News Portal Project 安全漏洞

PHPGurukul News Portal Project is a news portal project by PHPGurukul Inc. A security vulnerability exists in PHPGurukul News Portal Project version V4.1, which stems from a file upload vulnerability in the upload.php file, which could lead to arbitrary file uploads...

9.8CVSS5.9AI score0.00508EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/01/09 12:31 p.m.9 views

CVE-2023-4861

The File Manager Pro WordPress plugin before 1.8.1 allows admin users to upload arbitrary files, even in environments where such a user should not be able to gain full control of the server, such as a multisite installation. This leads to remote code execution...

7.2CVSS7.6AI score0.01331EPSS
Exploits3References1
RedhatCVE
RedhatCVE
added 2026/01/09 12:8 p.m.9 views

CVE-2018-18888

An issue was discovered in laravelCMS through 2018-04-02. \app\Http\Controllers\Backend\ProfileController.php allows upload of arbitrary PHP files because the file extension is not properly checked and uploaded files are not properly renamed...

9.8CVSS7.2AI score0.01295EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/01/09 12:0 a.m.5 views

BiggiDroid Simple PHP CMS 安全漏洞

BiggiDroid Simple PHP CMS is a BiggiDroid open source content management system. A security vulnerability exists in BiggiDroid Simple PHP CMS version 1.0, which stems from the incorrect manipulation of the parameter image in the file /admin/editsite.php, which could lead to arbitrary file uploads...

7.2CVSS4.9AI score0.0042EPSS
Exploits2References7
RedhatCVE
RedhatCVE
added 2026/01/07 9:29 a.m.11 views

CVE-2019-12185

eLabFTW 1.8.5 is vulnerable to arbitrary file uploads via the /app/controllers/EntityController.php component. This may result in remote command execution. An attacker can use a user account to fully compromise the system using a POST request. This will allow for PHP files to be written to the we...

9CVSS7.8AI score0.18106EPSS
Exploits3References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:11 a.m.26 views

CVE-2025-1304

The NewsBlogger theme for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the newsbloggerinstallandactivateplugin function in all versions up to, and including, 0.2.5.1. This makes it possible for authenticated attackers, with subscriber-level access and...

8.8CVSS7.6AI score0.00996EPSS
Exploits1References1
Rows per page
Query Builder